Comment on I cannot seem to figure out how to get caddy automatic HTTPS to work behind cloud flair proxy.
just_another_person@lemmy.world 2 months ago
Having an HTTPS enabled server behind a proxy means the server is connecting with the proxy endpoint. That’s not how HTTPS works. If you want HTTPS enabled for a server, you would do it at the original hand off, in the case meaning the Cloudflare proxy that clients connect to.
douglasg14b@lemmy.world 1 month ago
I am doing SSL termination at the handoff which is the caddy proxy. My internal servers have their SSL terminated at caddy, my traffic does not go to the internet… It loops back from my router to my internal Network.
However DNS still needs to have subdomains in order to get those certificates, this cloudflair DNS. I do not want my IP to be associated with the subdomains, thus exposing it, therefore cloudflair proxy.
You can have SSL termination at multiple points. Cloudflare can do SSL termination and Cloudflair can also connect to your proxy which also has SSL termination. This is allowed, this works, I have services that do this already. You can have SSL termination at every hop if you want, with different certificates.
That said, I have cloudflair SSL off. Which I mentioned in the post… Cloudflare is not providing a cert, nor is it trying to communicate with my proxy via HTTPS.
just_another_person@lemmy.world 1 month ago
Yeah…I’m not sure where you’re confused, but that’s what I said. You can’t have: Client > HTTP Proxy > HTTPS endpoint. It doesn’t work that way.